* @version 3.0.0
* @copyright Copyright (c) 2009, 2010 Cracker Tracker Team
* @license GNU GPL 3.0 or any newer version
* @link http://www.ship-simu.org
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
// Function to aquire a database link
function aquireCrackerTrackerDatabaseLink () {
// Is the link up?
if ((!isCrackerTrackerDatabaseLinkUp()) && (!empty($GLOBALS['ctracker_host'])) && (!empty($GLOBALS['ctracker_dbname'])) && (!empty($GLOBALS['ctracker_user']))) {
// Then connect to the database
$GLOBALS['ctracker_link'] = mysql_connect($GLOBALS['ctracker_host'], $GLOBALS['ctracker_user'], $GLOBALS['ctracker_password']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
// Select the database
if (!mysql_select_db($GLOBALS['ctracker_dbname'], $GLOBALS['ctracker_link'])) {
// Attempt has failed
crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
} elseif (isCrackerTrackerTableCreated('ctracker_config')) {
// Load the config
crackerTrackerLoadConfig();
}
} // END - if
}
// Checks if the link is up
function isCrackerTrackerDatabaseLinkUp () {
return ((isset($GLOBALS['ctracker_link'])) && (is_resource($GLOBALS['ctracker_link'])));
}
// Database error detected
function crackerTrackerDatabaseError ($F, $L) {
// Should we debug?
if (isCrackerTrackerDebug()) {
// Output error
print 'Function : ' . $F . '
';
print 'Line : ' . $L . '
';
print 'MySQL error : ' . mysql_error() . '
';
print 'Last SQL : '. $GLOBALS['ctracker_last_sql'] . '
';
} // END - if
// Currently only die here
crackerTrackerDie();
}
// Closes a maybe open database link
function crackerTrackerCloseDatabaseLink () {
// Is the link up?
if (isCrackerTrackerDatabaseLinkUp()) {
// Did it work?
if (!mysql_close($GLOBALS['ctracker_link'])) {
// Remove the link from global array
unset($GLOBALS['ctracker_link']);
// Attempt has failed
crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
} // END - if
} // END - if
// Remove the link from global array
unset($GLOBALS['ctracker_link']);
}
// Inserts given array, if IP/check_worm combination was not found
function crackerTrackerInsertArray ($table, $rowData) {
// Is there a link up?
if (!isCrackerTrackerDatabaseLinkUp()) {
// Abort silently here
return false;
} // END - if
// Is it found?
if (!isCrackerTrackerEntryFound($rowData)) {
// Prepare SQL
$SQL = 'INSERT INTO `' . $table . '` (`' . implode('`,`', array_keys($rowData)) . '`) VALUES(' . implode_secure($rowData) . ')';
// Reset insert id
$GLOBALS['ctracker_last_insert_id'] = false;
// Run it
runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__);
// Remember the last insert id
$GLOBALS['ctracker_last_insert_id'] = mysql_insert_id($GLOBALS['ctracker_link']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
} else {
// Only update the entry
updateCrackerTrackerEntry($rowData);
}
}
// Updates a given entry by just counting it up
function updateCrackerTrackerEntry ($rowData) {
// Construct the SELECT query
$SQL = 'UPDATE `ctracker_data` SET `count`=`count`+1 WHERE `remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" LIMIT 1';
// Run the SQL and check if we have one line
runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__);
}
// Checks if an entry with IP/check_worm/domain combination is there
function isCrackerTrackerEntryFound ($rowData) {
// Construct the SELECT query
$SQL = 'SELECT `id` FROM `ctracker_data` WHERE `remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" AND `server_name`="' . crackerTrackerEscapeString($rowData['server_name']) . '" LIMIT 1';
// Run the SQL and check if we have one line
return ((isCrackerTrackerDatabaseLinkUp()) && (mysql_num_rows(runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__)) == 1));
}
// Escapes the string
function crackerTrackerEscapeString ($string) {
// Is the link up?
if (!isCrackerTrackerDatabaseLinkUp()) {
// Then we cant use mysql_real_escape_string!
$string = addslashes($string);
} elseif (function_exists('mysql_real_escape_string')) {
// Use mysql_real_escape_string()
$string = mysql_real_escape_string($string, $GLOBALS['ctracker_link']);
} elseif (function_exists('mysql_escape_string')) {
// Use deprecated function
$string = mysql_escape_string($string, $GLOBALS['ctracker_link']);
} else {
// Use fall-back (bad!)
$string = addslashes($string);
}
// Return the secured string
return $string;
} // END - if
// Runs an SQL query and checks for errors
function runCrackerTrackerSql ($SQL, $F, $L) {
// Is the link up?
if (!isCrackerTrackerDatabaseLinkUp()) {
// Abort here
crackerTrackerDie();
} // END - if
// Remember last SQL
$GLOBALS['ctracker_last_sql'] = $SQL;
// Run the query
$GLOBALS['ctracker_last_result'] = mysql_query($SQL, $GLOBALS['ctracker_link']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
// And return it
return $GLOBALS['ctracker_last_result'];
}
// Checks wether a table was found
function isCrackerTrackerTableCreated ($table) {
// Default is not found
$found = false;
// Run the query
$result = runCrackerTrackerSql('SHOW TABLES', __FUNCTION__, __LINE__);
// Is our table there?
while (list($tab) = mysql_fetch_row($result)) {
// Is the table there?
if ($tab == $table) {
// Okay, found. So abort
$found = true;
break;
} // END - if
} // END - if
// Free result
mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
// Return result
return $found;
}
// Creates the given table with columns
function crackerTrackerCreateTable ($table, array $columns, array $keys) {
// Begin the SQL
$SQL = 'CREATE TABLE IF NOT EXISTS `' . $table . '` (';
// Add table name as first column
$SQL .= '`' . $table . '` BIGINT ( 20 ) UNSIGNED NOT NULL AUTO_INCREMENT, ';
// Add all columns
foreach ($columns as $column=>$type) {
// Add this entry
$SQL .= '`' . $column . '` ' . $type . ', ';
} // END - foreach
// Add table name as primary key
$SQL .= 'PRIMARY KEY (`' . $table . '`), ';
// Add keys
foreach ($keys as $key=>$type) {
// Add this entry
$SQL .= '' . $type . ' (`' . $key . '`), ';
} // END - foreach
// Finish SQL
$SQL = substr($SQL, 0, -2) . ') TYPE=InnoDB';
// And run it
runCrackerTrackerSql($SQL);
}
// Inits a table by inserting
function crackerTrackerInitTable ($table) {
// Prepare SQL and run it
runCrackerTrackerSql('INSERT INTO `' . $table . '` (`' . $table . '`) VALUES (NULL)');
}
// Updates the database scheme automatically
function crackerTrackerUpdateDatabaseScheme () {
// Is a link there?
if (!isCrackerTrackerDatabaseLinkUp()) {
// Abort here silently
return;
} // END - if
// Is the main config table there?
if (!isCrackerTrackerTableCreated('ctracker_config')) {
// Then do it for us
crackerTrackerCreateTable('ctracker_config', array(
'ctracker_db_version' => 'BIGINT ( 20 ) UNSIGNED NOT NULL DEFAULT 0',
'ctracker_min_sleep' => 'SMALLINT ( 5 ) UNSIGNED NOT NULL DEFAULT 10',
'ctracker_max_sleep' => 'SMALLINT ( 5 ) UNSIGNED NOT NULL DEFAULT 30',
'ctracker_alert_user' => "ENUM('Y','N') NOT NULL DEFAULT 'Y'",
'ctracker_language' => "CHAR ( 2) NOT NULL DEFAULT 'en'"
), array());
// Init that table
crackerTrackerInitTable('ctracker_config');
} // END - if
// Init update array here
crackerTrackerInitUpdates();
// Run any SQL updates recursively
while (isset($GLOBALS['ctracker_updates'][getCrackerTrackerConfig('ctracker_db_version')])) {
// Run that updates
runCrackerTrackerUpdates(getCrackerTrackerConfig('ctracker_db_version'));
// Update config
runCrackerTrackerSql('UPDATE `ctracker_config` SET `ctracker_db_version`=`ctracker_db_version`+1 WHERE `ctracker_config`=1 LIMIT 1', __FUNCTION__, __LINE__);
// And count it up in the config array
$GLOBALS['ctracker_config']['ctracker_db_version']++;
} // END - if
}
// Load the configuration
function crackerTrackerLoadConfig () {
// Construct SQL command and run it
$result = runCrackerTrackerSql('SELECT * FROM `ctracker_config` WHERE `ctracker_config`=1 LIMIT 1', __FUNCTION__, __LINE__);
// And get it
$GLOBALS['ctracker_config'] = mysql_fetch_array($result);
// Free result
mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
}
// Getter for config
function getCrackerTrackerConfig ($entry) {
// Is the config entry there?
if (!isset($GLOBALS['ctracker_config'][$entry])) {
// Then better die here, else we may have an endless loop
if (isCrackerTrackerDebug()) {
// Nicer message in debug mode
die('Configuration entry ' . $entry . ' missing!');
} else {
// die() on production systems
die();
}
} // END - if
// Return it
return $GLOBALS['ctracker_config'][$entry];
}
// Did the current IP already generated blocked attempts?
function isCrackerTrackerIpSuspicious () {
// We only need the very last attempt to get!
$result = runCrackerTrackerSql("SELECT * FROM `ctracker_data` WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' ORDER BY `last_attempt` DESC LIMIT 1", __FUNCTION__, __LINE__);
// Do we have entries?
$found = (mysql_num_rows($result) == 1);
// And again?
if ($found === true) {
// Cache the entry
$GLOBALS['ctracker_last_suspicious_entry'] = mysql_fetch_array($result);
} // END - if
// Free result
mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
// Return the result
return $found;
}
// Does the current IP have a ticket?
function ifCrackerTrackerIpHasTicket () {
// We only give one ticket per IP!
$result = runCrackerTrackerSql("SELECT * FROM `ctracker_ticket` WHERE `ctracker_ticket_remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' LIMIT 1", __FUNCTION__, __LINE__);
// Do we have a ticket?
$found = (mysql_num_rows($result) == 1);
// And again?
if ($found === true) {
// Cache the ticket data
$GLOBALS['ctracker_last_ticket'] = mysql_fetch_array($result);
} // END - if
// Free result
mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
// Return the result
return $found;
}
// Adds a ticket based on given (mostly $_POST) data
function addCrackerTrackerTicket (array $data) {
// Prepare the array
$GLOBALS['ctracker_last_ticket'] = array(
'ctracker_ticket_remote_addr' => determineCrackerTrackerRealRemoteAddress(),
'ctracker_ticket_user_agent' => crackerTrackerUserAgent(),
'ctracker_ticket_name' => crackerTrackerSecureString($data['name']),
'ctracker_ticket_email' => crackerTrackerSecureString($data['email']),
'ctracker_ticket_comment' => crackerTrackerSecureString($data['comment'])
);
// Insert it
crackerTrackerInsertArray('ctracker_ticket', $GLOBALS['ctracker_last_ticket']);
// Is there an entry?
if ((isset($GLOBALS['ctracker_last_insert_id'])) && ($GLOBALS['ctracker_last_insert_id'] > 0)) {
// All fine, so prepare the link between ticket<->data
$data = array(
'ctracker_ticket_id' => $GLOBALS['ctracker_last_insert_id'],
'ctracker_data_id' => $GLOBALS['ctracker_last_suspicious_entry']['id']
);
// And insert it as well
crackerTrackerInsertArray('ctracker_ticket_data', $data);
// Add ticket id again
$GLOBALS['ctracker_ticket'] = $data['ctracker_ticket_id'];
// Merge all data for emails
$GLOBALS['ctracker_last_ticket'] = array_merge($GLOBALS['ctracker_last_ticket'], $data);
// Is this also there?
if ((isset($GLOBALS['ctracker_last_insert_id'])) && ($GLOBALS['ctracker_last_insert_id'] > 0)) {
// All fine, so display "thank you page"
crackerTrackerLoadTemplate('add_ticket_thanks');
} else {
// Did not insert
crackerTrackerDie();
}
} else {
// Did not insert
crackerTrackerDie();
}
}
// [EOF]
?>